General

  • Target: 17a074f5e5b2f7984bf1a2bf5dc7d703
  • Size: 652KB
  • Sample: 231224-2ylf1ahahr
  • MD5: 17a074f5e5b2f7984bf1a2bf5dc7d703
  • SHA1: 3bd75ae7711be9b54e98f9f233880b2b6ec290db
  • SHA256: a808c713279d64fe10987ae5b3efc6deb468226c1cdff032d06a2cf0c02d6071
  • SHA512: d1071720cad6dda7916cb9acaf25fd38bb252559e9331ceea60084d56f555a214431fb8f072e136847443ff12551f09e0222d337e59218b73fcb772907867a1c
  • SSDEEP: 12288:BQMFG+2gef5x/xQTB2OfDKC7WgcBj3hdUU54Knq:BQj+29VgfDnKFDwp

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
